1、步骤

• 新建一个数据库，存储用户的密码 ```sql use study; create table t_user( id int primary key auto_increment, username VARCHAR(255), password VARCHAR(255) ); — primary key auto_increment — 自增

INSERT into t_user(username,password) values (‘admin’,’123456’); INSERT into t_user(username,password) values (‘xl’,’123456’);

commit;

![image.png](https://cdn.nlark.com/yuque/0/2022/png/2560440/1648211413304-d94e822e-bf02-4713-a541-f5ee55b4e915.png#clientId=u55d8bee7-4680-4&crop=0&crop=0&crop=1&crop=1&from=paste&height=415&id=u95e7d324&margin=%5Bobject%20Object%5D&name=image.png&originHeight=622&originWidth=1055&originalType=binary&ratio=1&rotation=0&showTitle=false&size=35604&status=done&style=shadow&taskId=ub38475a8-118d-4670-9630-43083c7ecaf&title=&width=703.3333333333334)
- [x] 编写登录页面
![image.png](https://cdn.nlark.com/yuque/0/2022/png/2560440/1648211519955-d66aada3-2fdc-41ae-baa9-9236236aa9dc.png#clientId=u55d8bee7-4680-4&crop=0&crop=0&crop=1&crop=1&from=paste&height=558&id=ud5c20c8f&margin=%5Bobject%20Object%5D&name=image.png&originHeight=837&originWidth=1445&originalType=binary&ratio=1&rotation=0&showTitle=false&size=318048&status=done&style=none&taskId=u34ddbe25-8f31-4fc4-bb00-e7a41680ecd&title=&width=963.3333333333334)
- [x] 编写一个类，通过类调用数据库判断密码是否正确
![image.png](https://cdn.nlark.com/yuque/0/2022/png/2560440/1648211576233-f9966d7d-5b32-483e-9c9c-d60e4d1b4eeb.png#clientId=u55d8bee7-4680-4&crop=0&crop=0&crop=1&crop=1&from=paste&height=608&id=u99d76c0a&margin=%5Bobject%20Object%5D&name=image.png&originHeight=912&originWidth=1482&originalType=binary&ratio=1&rotation=0&showTitle=false&size=365604&status=done&style=none&taskId=u565e3cf4-fee4-4c19-951d-5dacb9ed3b7&title=&width=988)
```java
package oa.action;
import jakarta.servlet.ServletException;
import jakarta.servlet.annotation.WebServlet;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import oa.bean.Dept;
import oa.untils.DBUtil;
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
/**
* @Author: 小雷学长
* @Date: 2022/3/25 - 17:32
* @Version: 1.8
*/
@WebServlet({"/user/login"})
public class UserServlet extends HttpServlet {
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
        boolean success = false;
        //前端提交方式：username=admin&password=123
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        /*
        * 连接数据库
        */
        Connection conn = null;
        PreparedStatement ps = null;
        ResultSet rs = null;
        try {
            //获取连接
            conn = DBUtil.getConnection();
            //获取预编译的数据库操作对象
            String sql = "select * from t_user where username = ? and password = ?";
            //编译SQL语句
            ps = conn.prepareStatement(sql);
            //给?传值
            ps.setString(1, username);
            ps.setString(2, password);
            //执行SQL
            rs = ps.executeQuery();
            //处理结果集
            //这里不需要while
            if (rs.next()) {
                success = true;
                System.out.println("测试");
            }
        } catch (SQLException e) {
            e.printStackTrace();
        } finally {
            //释放资源
            DBUtil.close(conn, ps, rs);
        }
        //成功
        if (success) {
            //重定向
            response.sendRedirect(request.getContextPath() + "/dept/list");
        } else {
            response.sendRedirect(request.getContextPath() + "/error.jsp");
        }
    }
}

2、实现

3、存在的问题

• 登录功能没有起到拦截的作用，有URL照样可以跳过登录限制
• 用session方法改造session改造OA的登录功能